(Ping! Zine Web Hosting Magazine) – 2010 should be viewed as the year distributed denial of service (DDoS) attacks became mainstream, as many high-profile attacks were launched against popular Internet services and other well-known targets. The year also witnessed a sharp escalation in the scale and frequency of DDoS attack activity on the Internet. The 100 Gbps attack barrier was reached for the first time while application-layer attacks hit an all-time high. Service providers experienced a marked impact on operational expense, revenue loss and customer churn as a result, according to a report issued today by Arbor Networks, a leading provider of security and network management solutions for converged carrier networks and next-generation data centers.
Arbor’s longstanding relationships and reputation as a trusted advisor and solution partner to service providers and network operators across the globe make this annual report possible. The report offers a rare view into the challenges of network operators on the front lines of a global battle against botnets and DDoS attacks. It is designed to provide data and insight that will enable network operators to make more informed decisions about their security strategies to ensure availability for mission-critical Internet and other IP-based infrastructure.
“Arbor Networks’ research is utterly indispensable for anyone who wants to understand the network security landscape, how it is evolving and what the implications may be,” said Ethan Zuckerman of Harvard University’s Berkman Center for Internet & Society.
DDoS attacks have gone mainstream
Botnet-driven DDoS attacks are likely to continue as a low-cost, high-profile form of cyber-protest in 2011 and beyond. Major incidents in 2010 included DDoS attacks associated with the territorial disputes between China and Japan, the ongoing political turmoil in Burma and Sri Lanka and the WikiLeaks affair. The need to protect availability has finally made it onto the radar screen of enterprise IT consulting firms worldwide, and DDoS defense has consequently reached the status of a CXO-level issue globally.
Attack surface continues to expand
The DDoS attack surface describes all aspects of network infrastructure, servers, protocols and services that are vulnerable to DDoS attacks. As new equipment, protocols and services are introduced into networks, the vulnerable attack surface for DDoS is expanded. This presents a significant challenge for network operators. Botnet-driven volumetric and application-layer DDoS attacks continue to be the most significant problems facing operators. This year’s report also reveals attackers are targeting the infrastructure itself, specifically DNS, VoIP and IPv6.
“Network operators are facing a global Internet insurgency driven by the ubiquity of botnets. This has led to rapidly escalating DDoS attack size, frequency and sophistication,” said Roland Dobbins, solutions architect with Arbor Networks. “Adding to the challenges facing operators is the increasing number of attack vectors, including applications and services, not to mention the proliferation of mobile devices.”
Application-layer DDoS attacks are increasing in sophistication and operational impact
An alarming 77% of respondents detected application-layer attacks in 2010. These attacks target both the respondents' customers and the respondents' own ancillary supporting services, such as domain name system (DNS), Web portals, etc. Internet data center (IDC) operators and mobile/fixed wireless operators report that application-layer DDoS attacks are leading to significant outages, increased operational expenditures (OPEX), customer churn and revenue loss.
Increasingly sophisticated attacks expose IPS and firewall shortcomings
In an effort to achieve DDoS protection, many operators have deployed stateful firewalls and intrusion prevention system (IPS) devices to protect data center infrastructure. In actuality, these devices can render networks more susceptible to attacks, as the state tables on even the most scalable versions available can be overwhelmed by a moderate-size DDoS attack. Nearly 49 percent of IDC respondents reported a firewall or IPS outage due to DDoS.
Lack of preparedness on mobile networks presents new attack opportunities
The fastest-growing category of Internet service providers (ISPs), mobile and fixed wireless operators, may be the least prepared in terms of network visibility and control and overall ability to defend themselves and their customers against attack. Nearly 60 percent of respondents indicated they have limited or no visibility into the network traffic of their wireless packet cores. In addition, only 23 percent indicated they have visibility into their wireless packet cores on par with, or better than, their visibility into their wireline networks. With some notable exceptions, many mobile/fixed wireless network operators appear to have security postures approximating those of wireline operators eight to 10 years ago.
Operators are struggling to keep up their security posture through transition to IPv6
Operators expressed concern over lack of visibility into IPv6 network traffic and their inability to control that traffic to the same degree they control IPv4 traffic. The additional network state and DDoS vector introduced by deployment of 6-to-4 gateways and network address translators (NATs) is also a significant threat to availability.
DNS emerging as a top target
DNS has emerged as one of the easiest ways to DDoS a server/service/application and take it offline by denying Internet users the ability to resolve server/resource records. Additionally, the large number of misconfigured DNS open recursors, coupled with the lack of anti-spoofing deployments on many networks, allows attackers to launch overwhelming DNS reflection/amplification attacks.
The report is available for download at http://www.arbornetworks.com/report.